Recipient-specific feature activation

ABSTRACT

The present disclosure relates to recipient-specific feature activation. In an embodiment, a device may store firmware for executing a superset of device features associated with an intended recipient. The device may be configured to limit device functions to a subset of the device features or a specific firmware configuration based on an indication remotely received from an activation authority. Intended recipients may include specific customers of the device, an intended market or region, or other recipients.

SUMMARY

In an embodiment, a method may comprise associating a set of features ofa device with an intended recipient, storing firmware on the device, thefirmware adapted to execute the set of features, determining a subset ofthe set of features to enable, and remotely enabling the subset on thedevice.

In another embodiment, a device may comprise a storage medium storingfirmware for executing a superset of device features, the supersetassociated with an intended recipient, and a processor configured toreceive, from an activation entity remote from the device, an indicationlimiting the device to performing a subset of the superset, andimplement an operating state including the subset.

In another embodiment, a device may comprise a memory storing firmwarefor executing a superset of features associated with an intendedrecipient, the firmware adapted to have multiple potentialconfigurations of subsets of features from the superset to controloperation of the device, an interface adapted to receive, from anactivation entity remote from the device, an indication of a selectedconfiguration to implement from the multiple potential configurations,and a processor configured to operate the device based on the selectedconfiguration.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a diagram of an illustrative embodiment of a system forrecipient-specific feature activation;

FIG. 2 is a flowchart of an illustrative embodiment of a method forrecipient-specific feature activation;

FIG. 3 is a diagram of an illustrative embodiment of a system forrecipient-specific feature activation;

FIG. 4 is a flowchart of an illustrative embodiment of a method forrecipient-specific feature activation;

FIG. 5 is a flowchart of an illustrative embodiment of a method forrecipient-specific feature activation;

FIG. 6 is a diagram of an illustrative embodiment of a system forrecipient-specific feature activation;

FIG. 7 is a diagram of an illustrative embodiment of a system forrecipient-specific feature activation;

FIG. 8 is a flowchart of an illustrative embodiment of a method forrecipient-specific feature activation;

FIG. 9 is a flowchart of an illustrative embodiment of a method forrecipient-specific feature activation;

FIG. 10 is a flowchart of an illustrative embodiment of a method forrecipient-specific feature activation;

FIG. 11 is a flowchart of an illustrative embodiment of a method forrecipient-specific feature activation;

FIG. 12 is a flowchart of an illustrative embodiment of a method forrecipient-specific feature activation; and

FIG. 13 is a flowchart of an illustrative embodiment of a method forrecipient-specific feature activation.

DETAILED DESCRIPTION

In the following detailed description of the embodiments, reference ismade to the accompanying drawings which form a part hereof, and in whichare shown by way of illustration of specific embodiments. It is to beunderstood that other embodiments may be utilized and structural changesmay be made without departing from the scope of the present disclosure.It is also to be understood that features of the various embodiments canbe combined, separated, exchanged, or removed without departing from thescope of the present disclosure.

Devices may be configured to have a number of different options,features, or other variants. For example, computing devices may beloaded with or run different firmware to implement different featuresets. In an example embodiment, a single physical model of data storagedevice may be configured with different data storage or encryptionfeatures depending on the firmware running on the device. For example,the device may include a single firmware capable of performing differentselectable feature sets. In another example, a device may includemultiple firmware versions, and one or more firmware versions may beenabled or disabled to implement different features or functions.Different device variants may have different market values. Customers,markets, or other intended recipients of devices may request, placeorders for, or show demand for different feature sets or configurationsof a device. Further, this demand may change over time.

Different feature sets and variations of devices can result in aplethora of shipping variants for a device. Changes in market demand orspecific customer orders can create complexity and inefficiency inproduction and shipping. For example, devices may need to be recalled,unpackaged, and powered on to load a new feature set or firmware inresponse to changing product demand. Uncertainty in final configurationsfor customer orders can result in shipping delays. Changing productconfigurations and values can create complexity in assigning andmaintaining stock keeping units (SKUs). Accordingly, it may be desirableto postpone the complexity of setting device configurations and SKUslate into the production or supply chain, or even until receipt by anend recipient. Intended recipients may be referred to herein as“customers,” although other intended recipients are included within thescope of the disclosed embodiments.

FIG. 1 depicts an embodiment of a system for recipient-specific featureactivation, generally designated 100. System 100 shows an exampleprocess for delaying activation of device feature sets late into thedevice's supply chain. In the example system 100, device 102 is producedat a manufacturer 104. In some embodiments, manufacturer 104 mayrepresent a factory at which the device is fabricated, or it canrepresent a location or entity farther down the supply chain, such as aseparate original equipment manufacturer (OEM) reselling the devicesunder the company's brand name. The device 102 may be any type of devicecapable of having multiple configurations or feature sets, for examplecomputers, phones, tablets, data storage devices, televisions, set-topboxes, gaming systems, or other devices. For example, device 102 may bea data storage device having a memory, processor, and an interface thatcan physically connect and disconnect from a host computer, theinterface configured to allow data communications between the datastorage device and the host computer. In some embodiments, device 102may be produced and not loaded with any firmware or software to controldevice operations, or it may be loaded with a basic set of firmware orsoftware, such as firmware enabling the device 102 to detect and loadadditional firmware or software at a later point. In some embodiments,firmware may be loaded onto the device 102 which enables the device toperform some or all potential configurations and feature sets, andselected features may be enabled or disabled at a later point. Forexample, the device 102 may be loaded with five different firmwareversions, and the device may be instructed to implement a selected oneof the five firmware versions at a later point. In another exampleembodiment, the device 102 may be loaded with a single firmware that maybe capable of performing all potential features, and the device 102 maybe configured at a later point to enable or disable a subset of thosefeatures. Other configurations are also possible.

The system 100 may include shipping the device 102 to a destination 108.For example, if manufacturer 104 represents a production factory,destination 108 may represent an OEM facility. If manufacturer 104represents an OEM, destination 108 may represent a party farther downthe supply chain. In some embodiments, destination 108 may include adistributor (e.g. a warehouse for a retailer), or even an end customer.At the destination 108, the device 102 may then have a selected featureset or variation activated or enabled. For example, an activationauthority 110 may be contacted with a request to activate a feature seton the device 102.

Activation authority 110 may include the OEM, or an authorized thirdparty. For example, the activation authority may be a licensingauthority or other security authority having an established trustrelationship with the manufacturer, and authorized to activate devicesof the manufacturer. The activation authority may be a retailer, such asan online retailer that allows a customer to select and purchase afeature set, and activates the selected features in return for payment.

The activation authority 110 may enable features 112 on the device 102.For example, the activation authority 110 may provide to the destination108 or device 102 an activation code, digital certificate, firmware orsoftware, or other data or rights to activate, enable, or load a featureset on the device 102. For example, the activation authority 110 mayreceive a UID (unique identifier) for the device 102 from thedestination 108. After verifying the UID and determining an associatedauthorized feature set, the activation authority may provide a physicalor digital package to the destination 108 or device 102 including one ormore keys or digital certificates to authenticate the package and theactivation authority, as well as any additional authorities such as alicense authority. The package may also include data for enabling afeature set, e.g. a listing of features to activate on pre-loadedfirmware of the device 102, or firmware or software the device 102 mayinstall in order to enable the features.

After activating features on the device 102, the device may be used atthe destination 108, or the device 102 may be sent farther along thesupply chain, for example to a retailer or customer. A process ofremotely activating features may be repeated. For example, a customermay receive an activation package on a device the customer has alreadybeen using, where the package may include a firmware update enabling newfeatures on the device. In some embodiments, a desired feature set for adevice 102 may be known prior to shipping, but the features may not beactivated until after shipping to simplify managing the supply chain.

Turning to FIG. 2, a method for recipient-specific feature activation isshown and generally designated 200. The method 200 may includemanufacturing a device, at 202. For example, manufacturing may includeassembling the physical components of a device. In some instances,manufacturing may also include loading an initial set of firmware andsoftware (e.g. at 204), loading security data or other data (e.g. at206), and establishing initial settings and functions for the device ata manufacturing location. After manufacturing, a device may be stored ata manufacturer's location, such as in a warehouse, and then may beshipped to a recipient. The device may include any sort of device whichmay be configured with different features or options after the devicehas been manufactured.

The method 200 may include loading firmware to the device, at 204. Thismay be performed at a manufacturing plant or at a later point in thesupply line. In an example embodiment, only very basic firmware may beloaded to allow the device to detect a full operating firmware orsoftware set loaded later including a finalized set of features oroptions. In other embodiments, a single robust firmware set may beloaded including all potential features or options, and specificfeatures may be activated, deactivated, or completely disabled at alater point. In another embodiment, the method 200 may involve loadingthe device with multiple sets of independent or interoperable firmware,with one or more of the firmware sets capable of activation ordeactivation at a later point to enable specific features or options.

The method 200 may also include loading security information to thedevice, at 206. For example, the device may be loaded with one or morekeys or security certificates to enable the device to engage in securecommunications or to recognize data from trusted sources. In someembodiments, the device may be loaded with one of a symmetric key pair,or keys from asymmetric key pairs. The device may use the securityinformation to decrypt or authenticate data packages loaded to thedevice at a later point which may include information to enable or loada feature set of the device. This can prevent unauthorized parties fromloading malware onto the device or from activating or deactivatingfeatures without proper approval. For example, the security informationmay be loaded by the manufacturer, and the manufacturer may laterprovide a secure feature activation package to the device. In anotherembodiment, security keys or certificates for loading to the device maybe provided by one or more trusted activation authorities, licensingauthorities, or commerce authorities. One or more of the trustedauthorities may then be able to activate features on the device byencrypting or signing activation packages with corresponding keys orincluding certificates for authentication.

The method 200 may involve shipping the device to a destination, at 208.For example, if the manufacturing and data loading steps were performedat a factory, shipping the device may include sending the device to anOEM facility. In some embodiments, the device may be manufactured at afactory, then the firmware and security information may be loaded at anOEM facility, and the device may then be sent to a distributor,retailer, or customer at 208.

The method 200 may include receiving a device activation request,including identification data, at 210. For example, after the device hasreached a specified destination, a party may desire to remotely activatea feature set on the device. Remote activation of features or firmwareconfigurations may mean activating configurations on a device withoutphysically connecting the device to computers during a manufacturingprocess. For example, a device may receive an indication of a selectedconfiguration via near field communication after the device is packagedfor shipping to a destination. In another example, a device may receivean indication of a selected configuration over a network after receiptby a customer or other recipient at any location relative to anactivation authority, such as a manufacturer, shipping entity, or othertrusted activation entity.

In some embodiments, a remote activation process may involve retrievinga unique identifier for the device and transmitting that information toan activation authority for the device. For example, a digital devicemay be powered on, and may connect to a network and transmit thedevice's UID to a pre-programmed activation authority. The UIDtransmission may be encrypted with a secure key or digital certificate,of the device so that the activation authority can authenticate that therequest originated from an approved device. In some embodiments, thedevice may be connected to a computer, which may retrieve identifyinginformation from the device. For example, the computer may download userinterface software from the device allowing the user to select desiredfeatures, and submit the requested features, possible payment, anddevice identifying information to an activation authority. Theactivation authority may include the manufacturer, or one or moresecurity authorities (e.g. to issue trusted certificates), commerceauthorities (e.g. to process transactions), license authorities (e.g. toissue licenses), or other trusted authorities for activating a featureset on the device.

The method 200 may include determining whether the identifying datareceived at 210 matches a device record, at 212. For example, a UIDreceived with the activation request may be compared against a databaseof UIDs for shipped devices. In some embodiments, identifyinginformation may only include a device manufacturer, device model number,or other information indicating that the device may be serviced by theactivation authority. Determination 212 may also include authenticatingthe request by verifying a digital signature on the request orattempting to decrypt the request with a designated key.

If a determination is made that the identifying data from the devicedoes not match supported device records or is not authentic, at 212, themethod 200 may include not activating the device or any feature sets oroptions thereof, at 214.

If the device has been authenticated at 212, the method may includedetermining a feature set for the device, at 216. For example, a featureset for the device may have been designated by a manufacturer orauthentication authority after the device was manufactured but prior toreceiving the activation request, at 210. In such embodiment, the methodmay include looking up the feature set designated for the device in adatabase. In another embodiment, a customer, client, or other entity mayselect one or more features or options to enable on the device, andsubmit those selections along with or in addition to the activationrequest and device identifying information. For example, a customer mayselect desired features and pay a fee, authorizing the selected featuresfor activation on the customer device.

The method 200 may include sending a data package to the device, whichmay include security information and the selected feature set, at 218.The data package may include a digital package, for example sent overthe internet or wirelessly, to the device, a computer in communicationwith the device, or another computing device of a recipient. In anotherembodiment, the data package may include a physical package, such asdata recorded onto a DVD, flash drive, memory card, or other storagemedium. In some embodiments, the package may include printed or audiomaterial, such as activation codes which may be entered by a customer orother activating entity.

The data package may include security information, such as certificatesfor one or more activation authorities or the manufacturer, or thedevice may be digitally signed or encrypted by a key. For example, thedata package may be encrypted so that the device can decrypt the packageusing a secure key stored on the device; if the data package is notdecryptable with the device's key, the device may not activate theindicated features or install any included software. In otherembodiments, the device may verify a certificate included with thepackage prior to performing operations based on the package.

The package may include a feature set, such as the features identifiedfor the device at 216. In some embodiments, the package may identifyfeatures to activate, deactivate, or to disable on the device, with thedevice already including any necessary hardware, software, or firmwareto implement the selected features. In another embodiment, the datapackage may include software, firmware, program code updates, or otherinformation for implementing the selected features, and the device mayinstall the included code to enable the features. Other embodiments andcombinations are also possible.

FIG. 3 depicts an embodiment of a system for recipient-specific featureactivation, generally designated 300. The system 300 may be anembodiment of the system shown in FIG. 1, and may perform the methodshown in FIG. 2. They system 300 may include an activation authority310, which may correspond to activation authority 110 of FIG. 1.Activation authority 310 may include the manufacturer for a device, atrusted security authority, or one or more other parties with authorityto approve or activate features or options on a device. Activationauthority 310 may select or manage security information, such as keys orcertificates, to ensure secure transmission or authentication of devicesand feature activation packages.

Activation authority 310 may provide one or more security keys 314 to amanufacturer 304 of a device 302. For example, this may include one ormore sets of keys for symmetric key pairs, asymmetric key pairs,security certificates, or other security information to be loaded ontodevice 302. The security information provided by activation authority310 may allow activation authority 310 to recognize communications fromdevices (e.g. through digital signatures), as well as allowing devicesto recognize and authenticate communications and data from theactivation authority 310. In some embodiments, multiple authorities(e.g. license or commerce authorities 322, security authorities) mayprovide keys or certificates to establish authority and security fortheir involvement in the recipient-specific feature activation system.

Manufacturer 304, which may correspond to manufacturer 104 of FIG. 1,may load the security information onto devices 102, as well as anyinitial firmware or software. One or more additional keys may be loadedonto device 102 in addition to the security information received fromactivation authority 310. Manufacturer 304 may ship 306 device 302 to aspecified destination (e.g. distribution facility, retailer, customer).An activation client 316 may then be used to activate features on thedevice 302. An activation client 316 may represent entities, devices, orboth used in device activation. For example, device 302 may includesoftware for an activation client user interface program loaded onto thedevice. When the device is plugged into a computer, the computer maydownload and install the software from the device, loading a userinterface program for device activation onto the computer. In anotherembodiment, an activation client may be a device for scanning devicepackages and for loading data packages onto device, for example usingnear-field communication (NFC), radio frequency identification (RFID)technology, or any other wireless transmitting and receiving technologythat can perform the functions described herein. In another embodiment,an activation client 316 may include a computer running software fordevice activation, the computer having access to databases orinformation scanned from separate scanning devices. Other embodimentsare also possible.

Activation client 316 may obtain information 318 from device 302identifying the device, such as a UID. In some embodiments, theactivation client may also obtain a list of features available for thedevice 302, either from the device itself or from other sources, such asthe internet. Information obtained from the device 302 may be encryptedor digitally signed using security information loaded on the device.Activation client 316 may allow a user to select desired features, enterpayment information, register the device, save or print licensinginformation or other options. The information obtained from the device302, as well as selected features, payment information, or otherinformation, may be sent 320 to a commerce authority 322. For example,commerce authority 322 may be a retailer, bank, or other party with atrust relationship with the manufacturer 304, activation authority 310,or other authorities involved in the feature activation process.Commerce authority 322 may accept payments corresponding to selectedfeatures, payments for the device 302, or other activities. The commerceauthority 322 may also verify the authenticity of the device 302 or theactivation request. For example, security information or certificatesfrom the commerce authority 322 may be loaded onto the device 302 by themanufacturer 304, and the commerce authority 322 may verify that theappropriate security information has been included from the device 302as part of the transmission 320 from the activation client. Although asingle commerce authority 322 is depicted in the example system 300,more or no commerce authorities may be include, or different authoritiesmay be included, such as a licensing authority. For example, an importauthority may be included which authorizes the use of a device in aparticular country or region. Regional authorities may be used to manageregional rights regarding features and distribution (e.g. some featuresmay be covered by intellectual property rights in some countries but notothers, or some features may not be covered by regional distributionagreements).

Commerce authority 322 may pass information along to the activationauthority 310, such as device ID information 324, security information,or other information. Activation authority 310 may verify a trustrelationship based on the device ID information, security information,or other information. Activation authority 310 may create an activationpackage, which may include features or options to activate on thedevice, security certificates, digital signatures, or other information.In some embodiments, the commerce authority 324 or another authority maycreate a package and send it to the activation authority 310, and theactivation authority may add information, add a digital certificate orsignature, or otherwise modify the package. In some embodiments, thecommerce authority 322 may pass limited information to the activationauthority 310, and the activation authority may return securityinformation, which the commerce authority may add to a data package.

After verifying or signing data from commerce authority 322, or creatinga data package, activation authority 310 may send information back 326to the commerce authority. In some embodiments, activation authority 310may send data or a package directly back to the activation client 316,the device 302, or another authority.

After receiving security information or other data from the activationauthority 310, the commerce authority 322 may add the securityinformation to an activation package, or verify a signature or otherauthorizing information from the activation authority. Once anactivation package is compiled with a feature set to activate on thedevice 302, or firmware or software to add to device 302, as well as anynecessary security information to prevent tampering and counterfeitingand to validate the package to the activation client 316 or device 302,the commerce authority 322 may send the package 328. The activationpackage may be sent to the activation client 316 or directly to thedevice 302.

As stated previously, an activation package may be transmitteddigitally, or it may be sent on a physical medium. It should be notedthat physical packages such as DVDs, flash drives, memory cards,dongles, or other mediums may be involved in the remote activationprocess in other ways. For example, security information for a trustedactivation authority could be loaded onto a USB key and connected todevice 302 or activation client 316 in order to establish a trustrelationship and allow feature updating.

Either the activation client 316 or the device 302 may validate theactivation package, decrypt data, install any necessary data to thedevice 302, or activate or deactivate a set of features on the device302. If the package is sent to the activation client 316, either thepackage or data extracted from the package may be sent 330 to the device302. The device 302 may perform any updates to firmware or softwaredictated by the received data to implement a specified feature set. Theactivation package may include additional information, such as securitycertificates for new authorized commerce or licensing, or activationauthorities, allowing the device to be updated by additional entities inthe future.

Turning to FIG. 4, an embodiment of a method for recipient-specificfeature activation is shown and generally designated 400. Method 400 maybe performed by a device configured to implement a specified feature setor set of options based on remote activation. The device may power on,at 402. For example, this may include detecting a connection to anotherdevice, such as by being plugged into a computer or detecting anactivation client running on a device.

Method 400 may include providing a device ID, at 404. For example, thismay include providing a UID stored on the device, a model number, orother information. In some embodiments, the information may be signed orencrypted with one or more keys stored on the device. The informationmay be transmitted to an attached device or activation client. In someembodiments a device may passively provide the device ID. For example,the device ID and other information may be stored to a RFID tag on thedevice, which can be read by scanning the device with an RFID reader. Inembodiments where device information is provided passively, the devicemay not need to be powered on at 402.

Method 400 may include receiving a package including security data and afeature set, at 406. For example, this may include receiving the packagefrom an activation client running on an attached computer, receiving thepackage over a network from an activation authority, having the datawritten to a near field communications chip on the device, loaded ontothe device through a DVD or USB drive, or through other methods.

The package may include security data. For example, the package may beencrypted or digitally signed using a private key from an activationauthority, or the package may include one or more security certificates.The package may also designate a feature set for the device. A featureset may be designated by indicating which features to activate ordeactivate on the device, from a list of features the device is alreadycapable of performing. In another embodiment, the package may includesoftware, firmware, or updates which the device may load or install inorder to perform the specified features. For example, the package mayinclude a code or key, which may correspond to a specific feature setloaded on the device.

The drive may compare the security data against stored securityinformation, at 408, and verify the authenticity of the package, at 410.The device may authenticate the package by attempting to decrypt thepackage or verify a signature using one or more keys stored on thedevice, by checking the security certificates, or through other means.If the device is unable to authenticate the package, the device may notset or activate features identified in the package, at 412. If thedevice can authenticate the package, the method 400 may include storingthe specified feature set to the device, at 414. For example, this mayinclude installing software or firmware, deleting firmware or softwarecorresponding to features not selected, updating a table of features toindicate which are active, or through other methods. In someembodiments, some or all steps of comparing security information orverifying the authenticity of the package may not be performed by thedevice. For example, an activation client may perform steps of verifyingthe package, and only forward data to the device after it has beenverified.

The method 400 may include operating according to the stored featureset, at 416. In some embodiments, a feature set may be locked in onceselected, and cannot be changed. In other embodiments, a device mayoperate according to a selected feature set until a new feature set isdesignated, for a set period of time, or according to other criteria.For example, a customer may purchase a license to use a designatedfeature set for six months, and after six months the selected featuresmay “expire” and become unusable. In other embodiments, a feature mayavailable in specific regions or geography, for example by an authorityof that region or geography. In another embodiment a feature may workonly when specific conditions in a surrounding system or network are metor authenticated. For instance, the feature could be bound to thecomputer system or network. Additionally, a feature may only be enabledwhen a local software or hardware token, smartcard, near-field authorityor other element are present to allow use of the capability or feature.Other embodiments are also possible.

Turning to FIG. 5, an embodiment of a method for recipient-specificfeature activation is shown and generally designated 500. Method 500 maybe performed by an activation client in communication with a devicewhich is configured to have a feature set remotely activated. Forexample, an activation client may include a processor running aninstruction set, a hardware and software appliance, or a simple hardwareappliance to perform the method 500.

Method 500 may include receiving device ID information, at 502. Forexample, this may include querying a device for a UID, model number,manufacturer, digital certificate, firmware version, key, or any otherdata. The requested data may be encrypted or digitally signed by thedevice. The information may also include software for a user interfaceto install on a connected device to allow a user to proceed with afeature activation process for the device. In some embodiments, thedevice information may include a listing of features or feature setswhich may be activated or deactivated.

Method 500 may include receiving a user selection of features, at 504.For example, a user may select features to implement through a userinterface of an activation program for the device. Additionalinformation may also be collected, such as payment information,personally identifying information from a user, an agreement to termsand conditions, registration information for the device, or any otherinformation. In some embodiments, feature selection may be accomplishedby means of entering a code or key, which may correspond to a select setof options. For example, a device may ship from a manufacturer without apredetermined feature set, and a user may purchase the device and acorresponding desired feature set. The user may be given a keycorresponding to the selected feature set, which may then be used toactivate the corresponding features on the device during an activationprocess.

Method 500 may include submitting the device ID or other deviceinformation, as well as any user information, to a trustedauthentication authority at 506. For example, the information may besent to a device manufacturer, or to some trusted licensing authoritywith the ability to activate features on the device. In someembodiments, the method may include contacting a commerce authority withfeature choices and payment information to unlock features. Authoritiesmay request additional information, resulting in one or more exchangesof data between an activation authority and an activation client.Information may be sent digitally (e.g. over a network), or may besubmitted physically (e.g. by printing out the necessary information andmailing it to an activation authority).

At 508, the method may include receiving a package from an activationauthority, manufacturer, or other trusted authority. The package mayinclude security information, such as encrypted or digitally signeddata, digital certificates, or other information usable to verify theauthenticity of the data activation package. The activation package mayalso include a selected feature set, firmware or software, or otherinformation to implement the recipient-specific feature activation.

At 510, the method may include verifying the authenticity of thepackage. For example, the activation client may compare the securityinformation received in the activation package against securityinformation obtained from the device or otherwise available to theactivation client. Verification may include attempting to decrypt thepackage with a given key, verifying security certificates, verifying theactivation client, or other measures.

If the activation package is determined to not be authentic (e.g. notissued by a trusted activation authority or lacking integrity), at 512,the method may include not activating the device based on the package,at 514. If the activation package is determined to be authentic, at 512,the method may include activating the device with a selected feature setbased on the package, at 516. This may include forwarding the package tothe device, or sending an activation command, or loading firmware orsoftware onto the package to implement the feature set. Other methods ofactivation are also possible.

Turning to FIG. 6, a system of recipient-specific feature activation isshown and generally designated 600. The system 600 may include a device602 configured for recipient-specific feature activation via near fieldcommunication (NFC). NFC may include a set of communication standardsallowing devices to communicate through touch or by being within arelatively small proximity with each other. A sufficient proximity mayvary according to an amount of power applied to the devices forcommunication, but is generally several meters or less. NFC is oftenaccomplished between an NFC chip or “tag,” and a reader device to readdata from or store data to the tag. A common type of NFC is radiofrequency identification (RFID), although other communication protocolsare also possible, such as any other wireless data transmission protocolcapable of performing the functions described herein.

System 600 may include a device 602 configured for recipient-specificfeature activation using near field communication. Device 602 mayinclude a NFC chip 604. A NFC chip 604 may be capable of storing data.For example, NFC chips may be read-write (can be read from and writtento or rewritten), read-only (data is stored to them initially and cannotbe changed), or write once, read many (WORM; which can be written toonce, but cannot be overwritten). NFC chips may be active orsemi-active, which may include or require batteries for increasedbroadcast range or data storage, or NFC chips may be passive “tags”,which may rely entirely on a signal from a reader device 606 as theirpower source.

NFC transmitter or reader 606 may be a device capable of reading datafrom or storing data to the NFC chip 604, without needing to power on orphysically connect to device 602. For example, the reader 606 may becapable of reading device ID, manufacturer, model number, certificate,key, or other information from the tag 604 of the device 602, and mayuse the data to request or select a feature activation package.

The reader 606 may also be able to store data to the tag 604. In anembodiment, a batch of devices may be manufactured, packaged, and loadedonto a pallet for shipping. An operator with a hand-held NFC transmitteror reader may then be capable of storing data, either encrypted orunencrypted, identifying a selected feature set for the device 602. Insome embodiments, an NFC transmitter may comprise an automated devicecapable of loading feature data on one or more devices simultaneously asthey pass through a point of a production or shipping line. For example,devices may be manufactured at a factory, then shipped to a distributoror retailer warehouse. The distributor or retailer may be sent featureactivation data, which may be stored to RFID tags on the entire shipmentof devices prior to sending the devices to a next or final destination.In another embodiment, the NFC transmitter 606 may be a mobile phone,tablet, or other personal device. A customer may be sent an activationpackage (e.g. by e-mail, SMS message, or downloaded off a website), andmay be able to use their phone to store the activation data to theirdevice. Storing encrypted data may prevent unauthorized parties fromsetting a feature set of the device. In another embodiment, write-onceread-many chips may be used, allowing an authorized authority to load afeature set, but preventing the feature set from being overwritten at alater point. Other embodiments are also possible.

Device 602 may also include a processor 608 and a memory 610. Memory mayinclude one or more volatile or non-volatile memories, include ROMs,RAM, hard disc, flash memory, or other memory formats. Processor 608 mayinclude one or more circuits or microprocessors to execute firmware,software, or other instruction sets, such as implementing selectedfeature sets for the device 602. In an embodiment, when the device 602is powered on the processor 608 may check for activation data on the NFCchip. For example, the processor 608 may be configured to check for anactivation package, and may verify the package via decryption or othermethods. The processor 608 may then implement a selected feature set.For example, this may include storing a feature configuration from theNFC chip to a memory 610, and loading firmware or software from memory610 to control operation of the device 602 according to the selectedfeatures.

FIG. 7 depicts an example embodiment of a system for recipient-specificfeature activation, generally designated 700. System 700 may correspondto a method of remotely activating a feature set using NFC, such asdescribed in relation to FIG. 6.

Activation authority 710 may provide security information, such as oneor more secure keys, to a manufacturer 704 to load onto device 702. Insome embodiments, the activation authority and manufacturer may be thesame entity. The device 702 can use the security information to verifythe authenticity of feature activation packages. The manufacturer 704may ship the device 702, now loaded with keys or other security data, toa configuration location 708.

Configuration location 708 may be a retailer or distribution warehousewhere devices may be configured with desired feature sets in bulk. Insome embodiments, configuration location 708 may comprise a finalrecipient. At configuration location 708, device 702 may be scanned, forexample using a NFC reader. Scanning device 702 may provide a UID,security information, or any other required data.

In some embodiments, the data may be transmitted to activation authority710, and may include feature selections or other information from theconfiguring entity as well. The activation authority 710 mayauthenticate the device information and any feature selections, and mayreturn an activation package to the configuration location 708. Theactivation package may include data or keys identifying a selectedfeature set, and may include digitally signed information or othersecurity data to allow the device 702 to authenticate the package.

In some embodiments, activation authority 710 may provide activationpackages or data, security certificates, or other information toconfiguration location 708 without the need to receive a specificrequest or device information first. For example, activation authority710 may provide configuration location 708 with a database includingdevice IDs for devices the configuration location is expected toreceive, along with activation data corresponding to those devices.Configuration location 708 may then be able to scan devices 702 andautomatically store the corresponding activation data to the devicewithout the need to contact the activation authority 710. In anotherembodiment, a configuration client may be provided with a set number ofactivation packages which can be “used up” as they are loaded ontodevices.

Once the configuration location 708 has an appropriate featureactivation package for device 702, the package can be stored to thedevice, for example using a NFC transmitter to store data to a NFC tagon the device. In some embodiments, an NFC transmitter may be able toprogram multiple devices simultaneously (e.g. a pallet of devices), forexample when all devices are to have the same features enabled. In someembodiments, an NFC transmitter may be able to target individualdevices, for example by loading a feature set onto a specific devicewith a target UID in a pallet of devices. The device may never need tobe turned on or unpacked to have the data loaded. When the device 702 ispowered on, at 712, it may detect the stored activation package, verifythe authenticity of the package, and activate a designated firmware orfeature set identified in the package.

Turning to FIG. 8, an example embodiment of a method forrecipient-specific feature activation is shown and generally designated800. Method 800 may correspond to an example process for featureactivation using NFC, such as the process depicted in FIG. 7. Method 800may include receiving device security information from an activationauthority, at 802. For example, a manufacturer may receive one or morekeys, digital certificates, or other security information from anactivation authority to load onto a device configured for remoteactivation. In some embodiments, the activation authority and themanufacturer may be the same entity.

The method 800 may include manufacturing a device having an NFC tag, andstoring security information to the device, at 804. The securityinformation may be used to authenticate activation packages receivedfrom an activation authority. The security information may also be usedto identify the device for authentication by an activation authority.The NFC tag may be loaded with information, such as a UID for thedevice, a model number, a manufacturer, or other information. Some orall of the information stored on the NFC tag may be encrypted ordigitally signed, such as by using a secure key of the device.

Method 800 may include shipping the device to a configuration locationat 806, such as configuration location 708 of FIG. 7. The configurationlocation may be the manufacturer's own warehouse, a distributor orretailer, or even an end recipient. At 808, the method may includereceiving a device ID, for example at an activation authority or themanufacturer, from an activation client at the configuration location.For example, an activation client may be an automated or manual RFIDreader, and may also include a hardware or software interface, and anetwork connection to contact the activation authority or manufacturer.For example, a user may enter desired options or features into asoftware user interface, which may transmit the selections to anactivation authority. The activation client may scan one or more devicesto obtain UIDs or other identifying information for the device, and maytransmit the information to the activation authority or manufacturer, toidentify and authenticate the device.

The method 800 may include determining if the device is authentic, forexample using the device ID or other identifying information, at 810. Ifthe device is not determined to be authentic, the activation authoritymay not provide an activation package, at 812. If the device isdetermined to be authentic at 810, the method may include providing anactivation package to the activation client at the configurationlocation, at 814. The activation package may include securityinformation for verifying the package, and may include a set of optionsor features to activate on the device.

The activation client may then transmit the activation package to one ormore devices, at 816. For example, the NFC reader may store theactivation package to the NFC tag of the device. In some embodiments,entire shipments or pallets of devices may be loaded with activationpackages simultaneously, for example as part of a shipment process. Whenthe device is powered on, it may detect the activation package andimplement the designated features or options. In some embodiments, datafor activation packages may be provided to the activation client withoutthe need to transmit or authenticate device information at theactivation authority, such as in steps 808 through 812.

FIG. 9 depicts an example embodiment of a method for recipient-specificfeature activation, generally designated 900. The method 900 may includea device power on event, at 902. This may be a first time the device hasbeen powered on, any subsequent power-on events, waking up from a sleepor hibernation mode, or another event.

The device may be configured with firmware to detect an activationpackage stored to a NFC tag of the device, at 904. For example, anactivation package including a feature set for the device, securityinformation, firmware or software, or other information may be stored tothe NFC tag of the device, whether or not the device is powered on. Thedevice may include firmware directing the device to check for anyactivation data stored to the NFC tag at a power on event.

The method may include verifying the authenticity of the activationpackage, at 906. For example, the device may use one or more keys storedto the device to decrypt or verify a signature on the activationpackage. If the package is not determined to be authentic, at 908, themethod may include not storing or implementing the feature setidentified in the package, at 910.

If the package is determined to be authentic, at 908, the method mayinclude storing the package feature set to a memory of the device, orotherwise implementing the identified feature set, at 912. At 914, themethod may include operating according to the feature set identified inthe package.

Turning to FIG. 10, an embodiment of a method for recipient-specificfeature activation is shown and generally designated 1000. In someembodiments, a device may be loaded with multiple potential features,options, or feature sets. Particular features to activate on the devicemay be selected after the device has shipped, for example at run time.Some example features for a data storage device may include a data blocksize, different recovery algorithms, and data encryption options.

For example, in some embodiments a device may be loaded with feature set1, feature set 2, and feature set 3, with each feature set includingunique features or a unique combination of features. Usingrecipient-specific feature activation methods and systems as describedherein, feature set 2 may be selected and activated after the device hasshipped, and feature sets 1 and 3 may not be used. In other embodiments,feature sets 1 and 2 may both be activated to run on the device, whilefeature set 3 may not be activated. In another embodiment, a device maybe loaded with potential features 1, 2, 3, 4, and 5, for example bystoring firmware capable of performing all potential features or asubset thereof. In some embodiments, features 1-5 may be the full set orsuperset of features the device firmware is configured to perform, andthe selected subset of features that are enabled may include allpotential features available on a device or less than all the features.Any combination of features 1 through 5 may be activated on the device,e.g. features 1, 2, and 5 may be selected and activated after shippingthe device.

In some embodiments, an intended recipient may have an associated set offeatures. An intended recipient may be a customer, client, shippingrecipient, geographical region, technical industry, target demographic,part of a supply chain, any other recipient, or any combination thereof.For example, the client may have ordered devices with these associatedfeatures in the past, or the client may have specifically requested tohave these features made available. In some embodiments, the client maynot want all the associated features on every device they order, and maychoose to select certain features from the set to activate on theirdevices. If a manufacturer is producing devices for a known client, itmay be desirable to load the client's associated feature set onto allthe devices. Specific features from the feature set may be remotelyactivated on different subsets of the devices as the client's specificneeds or requests become known.

Method 1000 may include loading devices A and B with CLIENT's associatedfeature superset, including features {a, b, c, d, e}, at 1002. Forexample, a manufacturer may know that CLIENT will request two devices(here, A and B), but not know which specific features CLIENT will wanton each device. The manufacturer may then load both devices with allfirmware, software, or components necessary to perform the entirefeature set associated with the client.

The method 1000 may include shipping devices A and B, 1004. For example,this may include sending the devices directly to CLIENT, or simplyshipping it from a manufacturing plant to another facility of themanufacturer, or to a shipping entity or other intermediary entity.

The method 1000 may include determining CLIENT's desired features fordevices A and B. For example, CLIENT may place orders for specificfeature sets after the devices have left the manufacturer, but before orafter arriving at CLIENT. In the depicted embodiment of FIG. 10, CLIENTmay choose to have a different set of features on device A and device B.The method 1000 may include activating device A with feature subset A,including features {a, d, e}, at 1008. Method 1000 may includeactivating device B with feature subset B, including features {b, c, ande}. The feature sets may be activated on the devices using the methodsand systems described herein. Further, CLIENT may be able to activateadditional features from the client's superset on devices A and B at alater time, since that functionality is already loaded on the device.For example, CLIENT may be able to pay for additional features through acommerce authority and receive an activation package to enableadditional features.

Turning to FIG. 11, an embodiment of a method of recipient-specificfeature activation is shown and generally designated 1100. Regardinginventory management, a stock keeping unit (SKU) may be used to identifyor keep track of a distinct product, and the SKU may cover many or allattributes of the product. For example, a red plate from a manufacturermay have one SKU, while the same plate in blue may have a different SKU.However, individual instances of the same kind of blue plate may sharethe same SKU.

An SKU for a product may include numbers, letters, other characters, ora combination thereof, and may be comprised of a number of elementsidentifying aspects of a product. For example, an SKU might include avendor, a collection, a design, a color, and a size. In anotherembodiment, a SKU may include a model number and a part number. In someembodiments, additional numbers or characters may be added to thosebased on features of the product. In yet another embodiment, an SKU maybe a collection of numbers or characters alone and not directlycorrespond to any aspects of the product.

Accordingly, when a product may have many variations in features,options, warranty coverage, or other attributes, a manufacturer may needto create and track many SKUs for all the possible variations. This canlead to managing a large number of SKUs, with an associated increasedcomplexity in supply lines. Reducing or simplifying SKUs through some orall of the supply line may increase efficiency. Further, when a productis shipped prior to determining a final feature set, a method fortracking products and managing SKUs may be required.

Method 1100 may include assigning a base SKU number to a deviceconfigured for remote feature activation, at 1102. For example, this mayinclude determining and assigning a portion of the SKU that is notdependent on the device's feature set. In an example embodiment, amanufacturer may use the model number alone. For example, a manufacturermay produce a model of devices which all have a single firmware setcapable of performing a range of functions. Specific functions may beactivated or deactivated later to produce devices with different optionsand values, which may accordingly require different SKUs, but for thepurposes of production and initial shipping they may all share a baseSKU number. In an embodiment, a base SKU number may include a modelnumber with an appended base value or placeholder value in place of afinal value corresponding to a feature set. For example, if the modelnumber is 1234, a base SKU may be 1234-0000, with the 0000 comprising anappended base value which may change based on a later-activated featureset. In another embodiment, devices may be manufactured that are capableof being configured with four feature sets, and one of the feature setsmay be activated as a “base” feature set. Accordingly, the base SKU forthe devices may correspond to the base feature set. If the feature seton any of the devices is later modified, the SKU may be adjusted tomatch the updated feature set.

Method 1100 may include associating a feature set with the device, at1104. For example, the feature set for a device may be determined afterthe device has shipped. In an embodiment, a customer may specify desiredfeatures after the device has been received or when it is still intransit. In another embodiment, activating a feature set may includeswitching from a base feature set to an alternate available feature set.Associating a feature set may include activating the feature set on thedevice using methods and systems as disclosed herein.

Method 1100 may include assigning a feature number to the device basedon the associated feature set. For example, the assigned feature set maycorrespond to feature number 0185, corresponding to the specificconfiguration of features assigned to the device. In some embodiments,the feature number may include one or more “digits” or characterpositions corresponding to each feature which may be activated ordeactivated. For example, if the device has four features which may beenabled or disabled, the feature number may be four digits long. Thecharacters or digits corresponding to each feature may indicate asetting for the feature. For example, if one of the features or optionsis a storage capacity of the device, the corresponding feature numberdigit may represent a capacity of the device in gigabytes. In someembodiments, the feature number for each feature configuration may berandomly generated or assigned by a manufacturer. Other embodiments arealso possible.

The feature number value may be included in an activation package loadedonto the device as part of a feature activation process. The device maystore the feature number in addition to other identifying informationfor the device, such as a unique identifier, a model number, or otherinformation. In some embodiments, the device may have feature numberscorresponding to the possible feature sets stored to memory, and beconfigured to determine and store an indication of the selected featurenumber or full SKU once a feature set is activated. For example, thedevice may store a pointer to the feature number corresponding to theselected feature set.

At 1108, the method may include assigning a complete SKU to the devicebased on the base SKU number (e.g. the model number) and the featurenumber. Returning to a previous example where the model number was 1234,and the base SKU was 1234-0000, the feature number may be used toreplace the 0000 value. The complete or final SKU for the product, withfeatures activated, may be 1234-0185. A device's SKU number, or thecomponent elements of the complete SKU number, may be stored internallyto the device, and may be accessed and referenced for warranty purposes,customer support, software or firmware upgrades, device validation andauthentication, or other purposes. The manufacturer may maintain alisting of SKUs and the associated device model, feature set, and otherdevice aspects. In some embodiments, a manufacturer may associate a UIDwith the SKU, for example in order to avoid providing warranty coverageand service to devices that have had their feature sets changed withoutauthorization. Device IDs and corresponding SKUs could be stored to adatabase for retrieval when service or information on a particulardevice is desired.

Accordingly, while 10,000 units may be produced with a single modelnumber, those units may later have different feature sets assigned andbecome hundreds or thousands of different final products. While thevariety of possible feature sets may result in many SKUs, the complexityand variety can be postponed until late in the supply chain or afterdelivery, increasing efficiency.

As discussed, a wide variety of features, functions, and options may beenabled, activated, deactivated, or disabled on devices according to thepresent disclosure. For example, data storage device features mayinclude recipient-specific unique capabilities and behavior, encryption,locking, device reverting, media recording, device pairing ornetworking, wear leveling, or options, or any combination thereof. Datastorage devices may include any device configured to store data, such asinternal or external hard drives, solid state memory drives, DVRs,electronic tablets, mobile phones, gaming systems, or other devices.

For example, a data storage device may have a variety of security anddata encryption features and functionality which can be activated, suchas FIPS (Federal Information Processing Standards)-compliance,self-encrypting drive (SED) functionality, Instant Secure Erase (ISE)functionality, or Securing Diagnostics and Downloads (SDnD). Rather thandeveloping, testing, and storing firmware for different combinations ofsecurity features, in some embodiments a single firmware may bedeveloped and tested that is capable of performing all securityfeatures, with the option to activate, deactivate, or permanentlydisable various features. For example, instructions for various featuresmay be deleted from the device to permanently disable the features.

In an embodiment, each of FIPS, SED, SDnD, and ISE may comprise adifferent security configuration of device features and attributes.Instead of setting a feature configuration at the firmware compile time,the firmware may include logical ports for each configuration of SED,ISE, SDnD, and FIPS, with diagnostics commands to change theconfiguration in run time. For example, device configuration may only beavailable through one or more locked ports. The logical ports may beselected or unlocked through trusted computing group (TCG) commands,which can check the authority and credentials of a command to determinewhether the agent is allowed to perform the operation.

Turning to FIG. 12, an example embodiment of recipient-specific featureactivation is shown and generally designated 1200. When the drive isprocessed, e.g. during the manufacturing process, the drive's serialnumber may be recorded and a key pair may be generated, such as apublic-private key pair, at 1202. At 1204, the private key may bemaintained by a manufacturer, or shared with one or more trustedauthorities, such as licensing, commerce, or activation authorities. Forexample, drive IDs and corresponding keys, as well as other verificationinformation, may be stored to one or more databases. The public key maybe assigned to and loaded on the drive.

In order for the drive to process changes to the logical ports, arequesting entity may need to provide proof of authority. In an exampleembodiment, when a drive receives a feature selection request, at 1206,the drive may generate a random output string, at 1208. The string anddevice serial number may be sent to an activation authority. In someembodiments, an activation client may also need to provide an ID,password, or other verifying information. Once the activation authorityhas optionally verified the device or activation client, the activationauthority may “sign” the random string by encrypting it using theprivate key corresponding to the device, at 1210. The encrypted stringmay then be transmitted to the device or activation client, at 1212. Thedrive may verify the authority of the requestor by decrypting theencrypted string using the public key stored on the device. If thedecrypted string matches the string generated by the device, the devicemay enable the requested configuration, at 1214.

In another embodiment, a data storage device may have differentimplementations for data block sizes. A feature which may be selected oradjusted on a data storage device may include a block size emulationparameter. Block size emulation may include performing datacommunications with a first data block size and performing data accessoperations to a data storage medium of the device with a second datablock size For example, data storage drives may be configured to have aset physical sector size, such as 512N (i.e. 512-byte block size) or 4KN(i.e. 4 KB block size), wherein the “N” may refer to the natural, oractual size of the data blocks used by the data storage medium. However,a drive may also be configured to emulate a different block size thanthe actual size used by the device, for example to be compatible withvarious operating systems or programs. For example, a drive may beconfigured as 512E, representing a 512-byte block size emulation forinterfacing with software or devices, while having a different naturalblock size used by the device itself. Other natural and emulated blocksizes are also possible. Reconfiguring the block size emulation of adevice by loading or changing firmware at the factory can be inefficientfor the supply chain.

However, employing remote feature activation allows for rapidly andsecurely changing the block emulation size by establishing a connectionand activating a desired configuration. FIG. 13 depicts an exampleembodiment of a method for recipient-specific feature activationgenerally designated 1300. At 1302, the method may include shipping adata storage device configurable to employ different block sizeconfigurations. For example, the data storage device may include one ormore firmware sets allowing the device to employ different natural oremulated block sizes. The device may have an initial block sizeconfiguration which can be changed later, or the device may need to beactivated with a particular block size configuration before it can beused for storing data.

At 1304 the method may include remotely loading an activation packageonto the device for a new block size configuration. The data package maybe loaded onto the device as described in the examples and embodimentsherein. For example, this may include steps of receiving a device ID orother identifying information, verifying the device, and delivering anactivation package to the device, which may include security informationand identify a feature set to activate on the device.

At 1306, the device may authenticate the activation package andimplement a new block size configuration based on the package. Forexample, the device may authenticate security information received withthe activation package using keys or certificates stored on the device.This may prevent unauthorized changes to the device's block sizeconfiguration, which could cause format corruption or other problems onthe device. The device may select a firmware set or configure deviceoperations based on the block size configuration identified in theactivation package. The activation package may also include settings forother features of the device. In some embodiments, the block sizeconfiguration may be changed by another activation package at a latertime.

In accordance with various embodiments, the methods described herein maybe implemented as one or more software programs running on a computerprocessor or controller device. In accordance with another embodiment,the methods described herein may be implemented as one or more softwareprograms running on a computing device, such as a personal computer thatis using a data storage device such as a disc drive. Dedicated hardwareimplementations including, but not limited to, application specificintegrated circuits, programmable logic arrays, and other hardwaredevices can likewise be constructed to implement the methods describedherein. Further, the methods described herein may be implemented as acomputer readable storage medium or device, such as hardware componentsstoring instructions that when executed cause a processor to perform themethods. Instructions for performing the methods disclosed herein mayalso be broadcast to a device for execution using computer readabletransmission media.

The illustrations of the embodiments described herein are intended toprovide a general understanding of the structure of the variousembodiments. The illustrations are not intended to serve as a completedescription of all of the elements and features of apparatus and systemsthat utilize the structures or methods described herein. Many otherembodiments may be apparent to those of skill in the art upon reviewingthe disclosure. Other embodiments may be utilized and derived from thedisclosure, such that structural and logical substitutions and changesmay be made without departing from the scope of the disclosure.Moreover, although specific embodiments have been illustrated anddescribed herein, it should be appreciated that any subsequentarrangement designed to achieve the same or similar purpose may besubstituted for the specific embodiments shown.

This disclosure is intended to cover any and all subsequent adaptationsor variations of various embodiments. Combinations of the aboveembodiments, and other embodiments not specifically described herein,will be apparent to those of skill in the art upon reviewing thedescription. Additionally, the illustrations are merely representationaland may not be drawn to scale. Certain proportions within theillustrations may be exaggerated, while other proportions may bereduced. Accordingly, the disclosure and the figures are to be regardedas illustrative and not restrictive.

What is claimed is:
 1. A method comprising: determining a set of features to include in a device, the set of features specifically associated with an intended recipient; storing firmware adapted to execute the set of features to the device based on the intended recipient; receiving a feature selection request; providing a random data string based on the feature selection request; receiving at the device, from an activation entity remote from the device, an activation package including: an indication limiting the device to performing a subset of the set of features; an encrypted copy of the random data string; decrypting the encrypted copy based on a stored key to authenticate the activation package; permanently disabling features of the set of features identified in the activation package; and remotely enabling the subset on the device.
 2. The method of claim 1 further comprising: determining the set of features to include based on prior orders from the intended recipient.
 3. The method of claim 1 further comprising: determining the set of features to include based on the intended recipient requesting that the set of features be made available to the intended recipient.
 4. The method of claim 1 further comprising: shipping the device from a manufacturing location after storing the firmware and prior to enabling the subset.
 5. The method of claim 1 further comprising: storing firmware capable of executing the set of features to a plurality of devices for the intended recipient; and based on selections by the specific intended recipient, remotely enabling a first subsets of features on a first device of the plurality of devices and remotely enabling a second subset of features on a second device of the plurality of devices.
 6. The method of claim 1 further comprising: remotely enabling additional features from the set of features after remotely enabling the subset.
 7. The method of claim 1 further comprising: remotely enabling the subset includes permanently deactivating features from the set of features outside the subset.
 8. The method of claim 1 further comprising: remotely enabling the subset includes submitting the activation package for the device, the activating package identifying the subset and including security information to authenticate the activation package; and loading, in the device, security data configured for verifying the security information of the activation package.
 9. A device comprising: a storage medium storing firmware for executing a superset of device features, the superset specifically associated with an intended recipient of the device; a processor configured to: receive a feature selection request; provide a random data string based on the feature selection request; receive, from an activation entity remote from the device, an activation package including: an indication limiting the device to performing a subset of the superset; an encrypted copy of the random data string; decrypt the encrypted copy based on a stored key to authenticate the activation package; permanently disable features of the superset identified in the activation package; and implement an operating state including the subset.
 10. The device of claim 9, the processor further configured to: provide identifying information to authenticate the device to the activation entity.
 11. The device of claim 9 further comprising: receive the activation package including the indication and security information; the processor further configured to: authenticate the activation package based on the security information; and not implement the operating state including the subset when the activation package is not authenticated.
 12. The device of claim 11 further comprising: the security information includes digitally signed data; the processor further configured to authenticate the digitally signed data using a key stored on the device.
 13. The device of claim 9, the processor further configured to: limiting the device to performing the subset by permanently deactivating device features of the superset based on the indication.
 14. The device of claim 9, further comprising: the intended recipient includes a customer having purchased the device.
 15. The device of claim 9, the processor configured to receive the indication from the activation entity over a network.
 16. A device comprising: a data storage device including: a memory storing firmware for executing a superset of features specifically determined based on an intended recipient, the firmware loaded to the device during a manufacturing process and adapted to have multiple potential configurations of subsets of features from the superset to control operation of the device; an interface to: receive a feature selection request; receive, from an activation entity remote from the device, an indication limiting the device to implementing a selected configuration from the multiple potential configurations; a processor configured to: provide a random data string based on the feature selection request; receive an activation package including the indication and an encrypted copy of the random data string; decrypt the encrypted copy based on a stored key to authenticate the activation package; permanently disable features of the superset identified in the activation package; and operate the device based on the selected configuration.
 17. The device of claim 16, the processor further configured to provide identifying information to authenticate the device to the activation entity.
 18. The device of claim 16 the processor further configured to limit the device from performing features from the superset not included in the selected configuration. 